About

Accounts

Friends

You are at the newest post.Click here
to check if anything new just came in.

January082008

Can You Hide Your Public IP Address? Anonymizing IP Address

When connecting to the Internet, your home computer (or network router) is assigned a public IP address. As you visit Web sites or other Internet servers, that public IP address is transmitted and recorded in log files kept on those servers. Access logs leave behind a trail of your Internet activity. If it were possible to somehow hide your public IP address, your Internet activity would become much more difficult to trace.

Unfortunately, it is not technically possible to always hide the public IP address of a home network. An IP address enables devices to locate and communicate with each other on the Internet. Completely hiding the IP address of a device would render it invisible but also unusable online. On the other hand, it is possible to hide public IP addreseses from most Internet servers in most situations. This method involves an Internet service called an anonymous proxy server.

Anonymous Proxy Servers (Anonymizing IP Address)

An anonymous proxy server ("proxy") is a special type of server that acts as an intermediary between a home network and the rest of the Internet. An anonymous proxy server makes requests for Internet information on your behalf, using its own IP address instead of yours. Your computer only accesses Web sites indirectly, through the proxy server.

This way, Web sites will see the proxy's IP address, not your home IP address. Using an anonymous proxy server requires a simple configuration of the Web browser (or other Internet client software that supports proxies). Proxies are identified by a combination of URL and TCP port number.

Numerous free anonymous proxy servers exist on the Internet, open for anyone to use. These servers may have bandwidth traffic limits, may suffer from reliability or speed problems, or might permanently disappear from the Internet without notice. Such servers are most useful for temporary or experimental purposes.

Anonymous proxy services that charge fees in return for better quality of service also exist. These services are designed for regular use by households.

Hiding Your IP Address - Related ToolsSeveral related software tools (both free and paid versions) support anonymizing proxies. The Firefox extension called "switchproxy," for example, supports defining a pool of proxy servers in the Web browser and automatically switching between them at regular time intervals. In general, these tools help you both find proxies and also simplify the process of configuring and using them. The ability to hide an IP address increases your privacy on the Internet. Other approaches to improving Internet privacy also exist and complement each other. Managing Web browser cookies, using encryption when sending personal information, running a firewall and other techniques all contribute toward a greater feeling of safety and security when going online.

January072008

$9K Per Song in RIAA Lawsuit Damages Is Constitutional

The Department of Justice says the jury's $222K damage assessment in the RIAA lawsuit against Jammie Thomas is constitutional, in what appears to be a fairly serious blow to American file sharing defendants [updated in light of comment].

Thomas had been found guilty of sharing 24 songs on the Kazaa file sharing network -- an average of $9,250 per song. She and her lawyer argued that the damages were unconstitutional, given that those 24 songs would have cost only $23.76 on iTunes.

According to Assistant Attorney General Jeffrey Bucholtz, the damages are not "so severe and oppressive as to be wholly disproportioned to the offense."

The next logical question is, "well then, what level of damages would be proportioned to the offense?" Bucholtz claims to be stumped. In his brief, he writes, "it is impossible to calculate the damages caused by a single infringement, particularly for infringement that occurs over the internet."

So the damages are impossible to calculate -- nonetheless, they were calculated to be $9,250 per song.

Part of the $221,976.24 discrepancy between what Jammie Thomas could have paid for the songs and what she now owes for downloading and sharing them is due to the idea that if enough people hear about the high damage amount, they'll be less likely to download and share files online. Bucholtz claims that the Copyright Act requires the damages not only to compensate record labels for lost sales, but also to serve a "deterrent purpose" by discouraging file sharing by non-defendants.

Some experts, including one we talked to, predicted that the fee would be struck down as unconstitutional, but apparently it will stand, and future RIAA lawsuit defendants could face similar fees unless something changes.

Maine Legal Students Defend Fellow Scholars from RIAA Lawsuits

For the RIAA, suing students for downloading music is like shooting fish in a barrel. University ISPs offer an easy way to match an IP address to a relatively small group of people, and students -- while generally poor -- would probably pay a settlement in the thousands-of-dollars range, rather than expose themselves to potentially ruinous damage judgments and years of legal headaches.

Soon after the University of Maine started forwarding RIAA notices to students, those who received the notice began asking the Cumberland Legal Aid Clinic, which allows third-year legal students to practice law under faculty supervision, for help, and their wishes were granted. They'll be defended by legal students at their own university.

Lawyers will be getting rich from copyright feuds for decades to come, so legal students would do well to acquaint themselves with these types of cases. And, of course, the students targeted by the RIAA need access to cheap defense. We could see lots of other universities follow their lead.

U-of-M associate professor Deirdre Smith explained why it makes sense to have legal students defend RIAA lawsuit targets to P2Pnet, which first reported the news:

These cases may be a particularly good fit for law school clinical programs because student attorneys are generally younger than most practicing attorneys and likely to be more familiar with the technology involved with these cases. It is also beneficial for the student-defendants to be able to work with an advocate who is closer to them in age; they can build a rapport and trust more easily than perhaps with older attorneys. I would also add that our students are enthusiastic about being directly connected to a case with a national scope and significance, as well as having the chance to help fellow students in a positive and important way.

In other respects, however, this case is no different from the hundreds of others we take each year in that our clients have a legal problem but cannot afford an attorney. Indeed, in this case, our clients face even greater potential financial liability than most of our other clients.

Since the clients in these file-sharing cases are so young, they may have little or no understanding of the legal system or their rights, and are usually overwhelmed by the prospect of being liable for statutory damages. Therefore, they are particularly ill-prepared to represent themselves.

For these reasons as well, we regarded this case as ideally serving our dual mission of providing hand-on training for future attorneys while also providing much-needed representation to clients who would otherwise be unable to afford an attorney.

These students did a good job on their brief, according to what Ray Beckerman of Recording Industry vs. The People told P2Pnet.

"An experienced practicing lawyer, I reviewed the brief prepared by student attorneys Hannah Ames and Lisa Chmelecki, under professor Smith’s supervision, and these young people did a bang-up job in exposing the fact that the RIAA has no case."

Use Tor P2P. Get Arrested.

A German blogger has a posting about how the police came knocking on his door, arrested him and confiscated all his computer equipment. The crime? He runs a Tor server, a sort of P2P anonymous proxy server that allows people to anonymously surf the Web, download files, and unfortunately download child pornography with relative impunity. Well, impunity for the downloaders using the P2P Tor server, not so anonymous for the Tor server admin. Specifically, the police stated he was suspected of placing a bomb-threat at a german copper-forum called copzone.de - a forum the blogger never heard about. Obviously, it was someone else using his Tor proxy server to post the message.

The Tor website itself espouses the benefits of Tor by stating, "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security." Yeah, right. Other than the uber-security conscious, who other than criminals and hackers would actually use the Tor network? Ok, I suppose it does have some uses in totalitarian states like China to get around China's infamous firewall that blocks many legitimate websites. I retract my last statement then.

So the question is "Is the blogger an accomplice to the crime?" After all, his Tor server aided in the crime. The answer? He isn't an accomplice to the crime since otherwise ISPs, which route traffic, would be held liable for the actions of its users. The actual crime the police were looking to charge him with was the bomb threat itself and not an accomplice-related crime. I'm sure the police asked the forum admin for the source IP address of the posting and then went to the ISP and asked for who was registered to that IP address at that specific time.

There are so many ways of forging your source IP address on the Internet, it's a wonder anyone can be convicted simply on source IP address alone. I guess that's why they also confiscated his computer equipment for corrobarating evidence. But the keystone coppers didn't realize his Tor-server was running 500km away and didn't bother to confiscate that server. The blogger tried to explain as he was being arrested that he runs a Tor server, but the police weren't tech savvy and so he was taken downtown for questioning. His wife also got a good scare from the police "visit".

Apparently the blogger has lost his "civil" courage and fighting for the right to keep a Tor server up-and-running. He writes, "The consequences: I’ve shut down my Tor-server. I can’t do this any more, my wife and I were scared to death. I’m at the end of my civil courage. I’ll keep engaged in the Tor-project but I won’t run a server any more. Sorry. No."

Ironically, while doing a security audit of TMC's network, I discovered the former IT administrator accidentally left a static IP address mapping to an ISA Server 2004 proxy server. Using a packet analyzer I noticed viagra spam and other spam being sent out via the proxy server. I also noticed Tor traffic was taking advantage of the open proxy server. I shut that down real quick, but just imagine the liability for TMC if someone did something illegal via this open proxy. Relatedly, home users better think twice before setting up a WiFi access point - even with WEP turned on, this can be cracked in 5 minutes. I bet home insurance companies will soon have to offer a separate liability insurance or additional fee to their home insurance policies to cover Internet crimes being perpetrated by criminals using an unsecured or hacked WiFi access point.

In any event, while the charges were eventually dropped, he incurred lawyer fees, and is attempting to recoup them by suing. Though he writes, "They stopped the investigation. I’m sitting on a pile of bills from my lawyer no one except me has to pay. I’ll sue for compensation, but I don’t think that this will lead anywhere."

So all you civil libertarians that think the Internet should be a free-for-all with no consequences better take note. While this happened in Germany and I'm not sure if Germany has a 1st Amendment equivalent, the idea or principle that "freedom of speech" is "free" is far from true.Secure Your Hard DriveSecure Your Internet Connection